From 270d7141a34d9a175b1e21b8cdb85bf6f3715d23 Mon Sep 17 00:00:00 2001 From: Pavel Březina Date: Fri, 1 Feb 2013 12:17:47 +0100 Subject: subdomains: replace invalid characters with underscore in krb5 mapping file name https://fedorahosted.org/sssd/ticket/1795 Only alpha-numeric chars, dashes and underscores are allowed in krb5 include directory. --- src/providers/ipa/ipa_subdomains.c | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) (limited to 'src/providers') diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c index 0bf2e5d8e..45b5a1688 100644 --- a/src/providers/ipa/ipa_subdomains.c +++ b/src/providers/ipa/ipa_subdomains.c @@ -294,22 +294,46 @@ ipa_subdomains_write_mappings(struct sss_domain_info *domain, errno_t err; TALLOC_CTX *tmp_ctx; const char *mapping_file; + char *sanitized_domain; char *tmp_file = NULL; int fd = -1; mode_t old_mode; FILE *fstream = NULL; size_t i; + if (domain == NULL || domain->name == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("No domain name provided\n")); + return EINVAL; + } + tmp_ctx = talloc_new(NULL); if (!tmp_ctx) return ENOMEM; + sanitized_domain = talloc_strdup(tmp_ctx, domain->name); + if (sanitized_domain == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strdup() failed\n")); + return ENOMEM; + } + + /* only alpha-numeric chars, dashes and underscores are allowed in + * krb5 include directory */ + for (i = 0; sanitized_domain[i] != '\0'; i++) { + if (!isalnum(sanitized_domain[i]) + && sanitized_domain[i] != '-' && sanitized_domain[i] != '_') { + sanitized_domain[i] = '_'; + } + } + mapping_file = talloc_asprintf(tmp_ctx, "%s/domain_realm_%s", - IPA_SUBDOMAIN_MAPPING_DIR, domain->name); + IPA_SUBDOMAIN_MAPPING_DIR, sanitized_domain); if (!mapping_file) { ret = ENOMEM; goto done; } + DEBUG(SSSDBG_FUNC_DATA, ("Mapping file for domain [%s] is [%s]\n", + domain->name, mapping_file)); + tmp_file = talloc_asprintf(tmp_ctx, "%sXXXXXX", mapping_file); if (tmp_file == NULL) { ret = ENOMEM; -- cgit